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A METHOD OF CIRCUIT VERIFICATION IN DIGITAL DESIGN 



Field of the invention 

The present invention relates to a method of circuit verification in digital 
5 design and in particular relates to a method of register transfer level property checking 
to enable the same. 



Background to the invention 

Today's electrical circuit designs frequently contain up to several million 

10 transistors and circuit designs need to be checked to ensure that circuits operate 

correctly. Formal methods for verification are becoming increasingly attractive since 
they confirm design behaviour without exhaustively simulating a design. Over the 
past years, bounded model checking and bounded property checking have increased in 
significance in electronic design automation (EDA). When checking large industrial 

1 5 circuits, long run times, ranging between hours and several days, are quite common. 
With designs continually increasing in size and complexity the test for correct 
behaviour becomes more important and a major economic issue, but at the same time 
becomes more complex, time consuming and expensive. Automated abstraction 
techniques have been developed to enhance capabilities of formal verification 

20 methods. 

Abstraction techniques are used as a pre-process in high-level property 
checking of digital circuits. The majority of today's industrial hardware verification 
tools use bit-level decision procedures, like decision procedures for the Boolean 
satisfiability problem (SAT) or decision procedures based on binary decision diagrams 

25 (BDDs) . In electronic design automation, SAT procedures have many direct 

applications, including test pattern generation, timing analysis, logic verification, 
functional testing, etc. SAT belongs to the class of NP-complete problems, with 
algorithmic solutions having exponential worst case complexity. This problem has 
been widely investigated and continues to be so because efficient SAT techniques can 

30 greatly affect the operation of many EDA tools. For example in VLSI CAD, SAT 
formulations start from an abstract circuit description, for which a required output 
value needs to be validated. The resulting formulation is then mapped on to an 
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instance of SAT. Conjunctive Normal Form (CNF) formulae can be used and several 
versions of this procedure incorporate a chronological backtrack-determination: at each 
node in the search tree, an assignment is selected and a subsequent search procedure is 
controlled by iterative application of "unit clauses" and "pure literal rules". Non- 
chronological backtrack determinations are also known. An alternative to SAT are 
BDDs: a set of BDD's can be constructed representing output value constraints. The 
conjunction of all the constraints expressed as a Boolean product of the corresponding 
BDD (termed as a product BDD) represents the set of all satisfying solutions. Any 
element of the resulting constraint set gives a feasible SAT solution. However a major 
limitation of this approach is that there is a corresponding exponential increase in 
memory requirement for the operating system and in run times of the verification tools. 
The CNF-based SAT solvers can be directly applied to circuits, which are broken 
down into bit-level Boolean logic, by transforming the entire circuit into CNF 
formulae. However, since practical gate-level circuit descriptions can be quite large, 
dealing with substantially large CNF formulae results in unacceptable CPU run times. 
However, circuit designs are usually defined in terms of Register-Transfer-Level 
(RTL) specifications, for example, coded in hardware description languages (HDL/s) 
like VHDL or Verilog. RTL specifications of digital circuits contain explicit structural 
information which is lost in bit-level descriptions. At the bit-level, for example in gate 
lists, all signals are of 1 -bit width and all available functional units are Boolean gates. 
In contrast, with RTL, word-level data structures, for example bit-vectors and buses, as 
well as high-level operators, for example adders, multipliers and shifters, are still 
visible. Several approaches to formal circuit verification have been proposed which 
make use of such high level information. 

D. Cyrluk et al present a word-level decision procedure for the core theory of 
bit-vectors with extraction and concatenation in "An efficient decision procedure for 
the theory of fixed sized bit- vectors" (CAV-97), pages 60 to 71, 1997, using bit-vector 
BDDs and applying width abstraction to the core theory. 

Object of the invention 

The present invention seeks to provide an improved circuit verification 
procedure. 
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Statement of the invention 

In accordance with a first aspect of the invention, there is provided a digital 
circuit design verification method wherein, prior to a property checking process for 
each property of a non-reduced RTL model, a reduced RTL model is determined, 
5 which reduced RTL model retains specific signal properties of a non-reduced RTL 
model which are to be checked. 

Conveniently the design verification process comprises, in a step prior to the 
determination of a reduced width RTL model, of determining the design specification 
of the digital circuit design and the specification of the properties to be investigated, 
10 synthesising an RTL netlist of high level primitives whereby the circuit is defined as 
an interconnection of control and data path portions, wherein in signals of a width n 
are determined such that: 

n G N+; 

wherein bitvectors of respective length determine the signal value. 

1 5 Conveniently, in the property checking process, an internal bit level representation 
contains a bit level variable for each bit of each word signal. This bit-level 
representation is passed to a verification engine and then to a property test unit which 
operates to provide a positive result if the investigated property holds true for the 
circuit and which operates to provide a counter-example if the property does not hold. 

20 In the event that a counter-example is produced for the reduced RTL design, signal 
width enhancement is performed to create a counter-example for the original RTL. 

In accordance with a further aspect of the present invention there is provided a 
digital circuit design verification tool wherein a pre-property checking unit is operable 
to reduce the widths of the signals occurring in an RTL model of an input design 

25 specification and an input property specification, which reduced width RTL model 
retains the specific signal property of a non-reduced RTL model. 

Preferably the tool further comprises a front end unit operable to receive input 
data relating to a design specification and the property characteristics of a design to be 
verified and is operable to provide an RTL netlist of the circuit design and property 

30 whereby the circuit can be defined as an interconnection of control and data path 
portions, wherein in signals of a width n are determined such that 
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n E N+; and bitvectors of a respective length determine the signal value. 
Conveniently a property checking unit is operable to create an internal bit level 
representation having received a reduced RTL representation. This representation is 
sequentially passed to a verification engine and to a property test unit. The property 
test unit being operable to provide a positive result if the circuit property holds true 
and which is operable to provide a counter-example in the case of the property does 
not hold. Conveniently the signal width enhancement unit is operable to receive 
counter-examples for reduced RTL data and to expand the signal width to provide a 
counter example for the original RTL. 

A linear signal width reduction causes an exponential reduction of the induced 
state space. Reducing state space sizes in general goes hand in hand with reduced 
verification runtimes. Thus the technique holds a high potential for speeding up 
verification tasks. Tests have shown that the present invention can significantly reduce 
the runtimes of existing prover tools. Furthermore, the present invention will be able 
to process design sizes which have, hitherto, exceeded the capacities of existing 
verification tools and which could not be taken into account before due to resource 
limitations. FIFO's, queues, stacks, bridges and interface protocols comprise part of a 
class of digital hardware designs to which the present invention is particularly well 
suited to processing. 

A further advantage of the present invention is that, if the analysis yields that 
no reduction at all is possible for a given design and a given property, then reduced 
model and original design are identical. The verification task itself cannot be impaired 
by using the proposed method as a pre-process, and in all case studies pre-processing 
runtimes were negligible Furthermore, the technique can be applied in high-level 
equivalence checking and high-level simulation. High-level equivalence checking, for 
example, can be considered a special case of high-level property checking. The design 
specification can include two different implementations of the same circuit and the 
property can require functional equivalence, or the property itself can be written in a 
hardware description language representing a functional specification of the circuit. 
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Brief description of the figures 

The invention may be understood more readily, and various other aspects and 
features of the invention may become apparent, from consideration of the following 
description and the figures as shown in the accompanying drawing sheets, wherein: 

Figures la and lb show property checking flow diagrams; 

Figure 2 shows the basic steps involved in the abstraction technique of this 
invention; 

Figure 3 is a table detailing the syntax of various bit-vector operators supported 
in the reduction technique of this invention; 

Figure 4 is a flow chart detailing the generation of the reduced RTL model; 

Figure 5 shows the effect of slicing equivalence classes; 

Figure 6 illustrates a granularity analysis in terms of bit-vectors, dependency 
classes of bit- vector chunks and granularities; and 

Figure 6a details a process for determining the granularity analysis of bit-vector 
equations; 

Figure 7 illustrates a minimum width computation for a dependency class; 

Figure 7a details a process for reduced model generation; 

Figure 8 shows a block diagram of an Asynchronous Transfer Mode (ATM) 
switching element operable in accordance with the invention; 

Figure 9 comprises tabulated results of the address management unit shown in 
Figure 8; 

Figure 10 shows a granularity analysis flow chart together with a first example; 
Figure 1 1 shows a granularity analysis flow chart together with a second 
example; 

Figure 12 shows a granularity analysis flow chart together with a third 
example; 

Figure 13 shows a minimal width abstraction flow chart together with a first 
example; 

Figure 14 shows a minimal width abstraction flow chart together with a second 
example, 

Figure 15 shows a minimal width abstraction flow chart together with a third 
example; 
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Figure 16 shows a model generation flow chart together with a first example; 
Figure 17 shows a model generation flow chart together with a second 
example; and 

Figure 1 8 shows a model generation flow chart together with a third example. 

5 

Detailed description of invention 

There will now be described by way of example, the best mode contemplated 
by the inventor for carrying out the invention. In the following description numerous 
specific details are set out in order to provide a complete understanding of the 

1 0 invention. It will be apparent however, to those skilled in the art, that the present 
invention may be put in to practice with variations of the specific. 

Referring to Figure la there is shown a prior-art property checking flow 
diagram. A property specification,! 12, and a design specification, 1 14, is presented to 
a bounded property checker, 120. The property and design specifications, 1 12, 1 14, 

15 are input to a front end processor which converts the specifications to Register 

Transfer Level (RTL) specifications. A decision relating to the property is made at 
decision point 122: if the property holds then the design feature is confirmed 124; if 
the property does not hold, then a counterexample 126 is determined. A 
counterexample, as is known, is an indication that a circuit does not function in the 

20 way intended by the designer; a counterexample is given in terms of assignments of 
values to the circuit inputs such that a violation of the desired behaviour which is 
described by the property specification can be observed when looking a the values of 
the circuit outputs resulting from the circuit inputs. A design modification would be 
made to eliminate the occurrence of the counterexample and, indeed, further 

25 counterexamples which may consequentially arise. 

The present invention employs the use of properties described in a linear time 
logic over finite bounded intervals of time. Properties consist of an assumption part 
which implies a commitment part: 

30 Property = Assumptions => Commitment 
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Properties specify the intended behaviour of the design within a finite interval 
of time and consist of temporal operators and state expressions, involving relationships 
among data words. As an example consider: 

5 assume (during [t+0, t+4]: reset = 0) and (at t+0: request = 1); 

prove (at t+3 : acknowledge = 1) and (at t+4: data =11111111); 

Referring now to Figure lb, there is shown a property-checking flow in 
accordance with the invention. As a first step, design and property are synthesized into 
10 a flattened netlist of high-level primitives, called an RTL netlist, as is known. These 
netlists include word-level signals, word-level gates, arithmetic units, comparators 
(data to control), multiplexors (control to data) and memory elements Each signal x 

has a fixed given width n£N+ and takes bitvectors of respective length as values. The 
RTL representation of the design is handed to a property checker which translates the 

1 5 netlist into a bit-level representation and either proves that the property holds for the 
given design, or returns a counterexample. 

In a pre-processing step prior to the invocation of the property checker, the 
RTL netlist is obtained, 1 1 8, and a scaled down RTL model 130 is computed by signal- 
width reduction processor, 128, in which signal widths are reduced, while guaranteeing 

20 that: 



The property holds for the original RTL <=> The property holds for the reduced RTL 



The reduced RTL, 130, is given to the property checker, 132, instead of the 
25 original RTL. The internal bit-level representation, 138, used by the property checker 
contains a bit-level variable for each bit of each word-level signal of the RTL 
representation, and, depending on the degree of reduction of the signal widths, now 
can contain significantly less variables for the reduced RTL. The property checker, 
132 includes a verification engine (SAT, BDD...), 140. If the property does not hold, 
30 the property checker returns a counterexample in terms of an assignment of values to 
all inputs of the reduced RTL, 134. The method provides a technique which takes 
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such counterexample and generates an assignment of values to the inputs of the 
original design in a signal width enhancement step by signal width enhancement 
processor, 136, such that the property does not hold when these input values are 
applied to the circuit, and provides a counterexample, 126. 
5 The invention conveniently uses structural data-path dependency analyses for 

minimum width abstractions. The basic idea is illustrated by the following 
introductory examples. 

In a first example, example 1, we assume we want to check if the conjunction 
of two word-level signals of width 8, denoted by jc[8] andj>[8] can evaluate to the 8- 
10 bit zero vector. Let 'and' denote bitwise Boolean conjunction. In RTL, we have to 
check if the equation 

jcjgj andj> (8) = 00000000 (1) 

1 5 is satisfiable. A corresponding bit-level representation of the same problem involves 
16 variables and 8 equations. It is not necessary to solve all 8 equations because bit 
positions 0-7 are treated uniformly. Let x\\] and denote signals of width 1. It is 
sufficient to check if: 

x\ l} andj' m = 0 (2) 



is satisfiable, because (1) is satisfiable if and only if (2) is satisfiable. Furthermore, a 
satisfying solution for (1) can be obtained from a satisfying solution of (2) by copying 
the values of jc'[ij 1 andj>'[i] into all bit positions of the corresponding signals of (1). 
For example, jc 5 m = 1, yields = 00000000 andjfg] =11111111. 

In the example above, signals jc [8 ] andjjg] both could be reduced to a width of 
one bit. In general, reduction depends on the structural data dependencies occurring in 
the cone of influence of a signal in a given design. 



30 In a second example, given the assumptions of Example 1, we let Z[ 4 ] be an 1 

additional word-level signal of width 4 and assume that z (4 ] is assigned to the 4 most 
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significant bits of jc [8 ]. That is to say we have to check if the following system of 
equations is satisfiable: 

*[8][ 7 >4] = Z W 

5 x [S] andy m = 00000000 (3) 

Bit positions 0 — 3 as well as 4 — 7 are treated uniformly, though both cases in a 
different way. Signals jc [8 j and j> [8 ] have to be split. Let x\ 2 ], y\ 2 ] and z\\] denote 
signals of width 2 and 1 respectively, and consider: 

10 

[1,1] = z l m W 
x l m andjpj = 00 



System (3) is satisfiable if and only if (4) is satisfiable. To obtain a solution of 
15 (3), we copyjc'[2][l, 1] into all positions of jc (8] [7, 4] andx' [2 ] [0, 0] into all positions 

of JC[ 8 ] [3, 0]. The same is done for y\ 2] andj>[8] , and z\\\ is copied into all positions of 

Z[ 4 ]. For example, x\ 2] = 10, y\ 2] = 01, z\\\ = 1, yields x m = 11110000, 

^[8] = 00001 1 1 1 and z\a\ = 1111. 

Signals x\z\ and y\%\ are both split into two parts, and each part can be reduced 
20 to a width of one bit, resulting in an overall width of 2 bits for x\ 2 \ and y\ 2] . In 

general, it is not always possible to reduce a chunk of bits processed in exactly the 

same manner to only one bit. Equations containing dynamic data dependencies, e.g. 

if-then-else operators, require an analysis of all possible inequalities between signals, 

as shown in the following example. 
25 In a third example, we let x Wi y m and Z[t\ be data signals of width 8, and let 

a ( i], b[ij and qi) be control signals. The satisfiability of the following system of 

equations can be characterised as: 

a m = ite(x [8 )= j[8], 0 m , l ( i]) 

b[ij = ite(v [8 r Z[8], 0|ij, l[ij) satisfiable 

c (n = ite(z ( 8r x i*h %b l m) <^> ^i^Jis] A y[s)^Z[s) A zm^x [S] 

lji] = a[ij and bfi] and qij 



® 
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Obviously, jcpj, >>[g] and Z[gj cannot be reduced to a width of only one bit, because *[gj ^ 
^[8] A 7[8]^2[8] A Z[8]^*[8] is satisfiable, while ^'[lj^^'ii] A y\\]^z\i] ^ z'lii^x'm is 
not. Insted the following holds: 

5 Instead, the following holds: 

*[m] £y[m] A y[m) * Z\m\ A z [m )£x [m] is satisfiable for all m > 2. 
Therefore, 2 is the minimum value for m which 

satisfiable 

X\%] ^ J>{8] A ^[8] ^ 2[g] A Z[8] ^ *[8] <=> ^[m] + V\m\ A J>(m] ^ Z[m] A 2[m] ^ «*[m] 



10 is true, and thus the original system of equations can be replaced by 



a' m = ite(x' [2 }= y pi, 0 m , l m ) 

b '[i] = ite(y 'pr z '[2), 0 ( i], l ( i]) 

cV] = ite(z '[2)= x 'p], 0 m , l ( i]) 

1 1 1 j = a'[i] and b'[i] and c\\] 

Without changing satisfiability. 

6 

15 A satisfying solution for the original system can be obtained from a solution of (5) by a 
sign extension of the values of the reduced variables, e.gof the reduced variables, e.g., 
jc'[2] = 00, y ( 2] = 01, z' ( 2] = 10, yields jc (8] = 00000000, y m = 00000001 andz {4 ] = 
11111110. 

The process of scaling down signal widths is separated into two sequential 
20 phases. / 
The basic idea of this abstraction technique is shown in the flow chart, 200, of ! 
Figure 2, as will be described below. First, the coarsest granularity of each word-level j 
signal JC[i6] is computed, as determined by the structural data dependencies in a I 
granularity analysis step, 210. A granularity is a separation of a signal into several ) 
25 contiguous chunks, 218, which indicate the coarsest possible subsumptions of J 
individual bits of the signal, which are treated in the exact same manner with respect j 
to structural data dependencies. Then, for each chunk, the necessary minimum width, 
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220, is computed, as required by dynamical data dependencies in a minimum width 
abstraction step, 212. According to these computed minimum chunk widths, the 
reduced width for the corresponding variable is reassembled, in a reduced model 
generation step, 214, to be provide a reduced signal, 222. 
5 The present invention provides an equational theory BV ext of fixed-size 

bitvectors, derived from the core theory of bitvectors. Let B = {0, 1} denote the set of 

bit values 0 and 1 . A bitvector of width n E N+ is a vector element of B", consisting of 
n individual bits which are indexed from right to left, starting with index 0. Bitvectors 
are written as binary bitstrings, and, accordingly, the set B" of bitvectors of length n is 

10 denoted by B [n j. The invention provides a bitvector variable definition wherein, for n E 

N+, a bitvector variable X[ n j of width n is a typed variable, representing fixed-size 

bitvectors v E B[ n ] of width n. 

Fixed-size in this context means that for each bitvector variable the width n is a 
fixed (but arbitrary) positive natural number. We write Jc fn ][/] to refer to the I th bit of 

15 X[ n ]. BV QXt includes bitvector variables and bitvector constants q n ], n E and c E 
B[ n ). The present invention, compared to the core theory of bitvectors, provides 
additional high-level operators as tabulated in Figure 3. Further operators, like shifts, 
rotations or further comparisons, are conveniently expressed within this theory. The 
Boolean predicates = and < occurring in the guards of ite (if-then-else) expressions, are 

20 defined on two bitvector arguments of equal width. Equality is defined bitwise, 
whereas < is defined according to the lexicographical order of bitstrings. 

The set of terms is defined over a set of free bitvector variables and the 
operators shown in Figure 3. If the terms are "well-formed" then the terms require 
variable widths to comply with operator demands, and index expressions must not 

25 exceed the widths of argument terms. A valuation is an assignment of values to the 
bitvector variables occurring in the terms. A system E of equations over such terms is 
satisfiable if there exists a valuation of the variables such that all equations of £ hold 
simultaneously. Correspondingly, we define the term "valid" such that E is 
universally valid if all possible valuations satisfy E. 

30 
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In a fourth example, X[\ 6] and z [4\ are bitvector variables. Consider: 

1. X[16][15,8] ® x [l6] [7,0] = *[, 6 , 

2. X[i 6] = neg (x x6] ) 

3. j[4] and 1100 [4 ] = Z[4] 

Equation 1 is universally valid and Equation 2 is unsatisfiable. Equation 3 is 
satisfiable, e.g. by y w := 01 1 1 [4 ] and z\4] ™ 0100[ 4 ], but not universally valid. 



10 



In a fifth example x m and j>[4] are bitvector variables. 
- neg (x [S] [0,0]) 



Consider the system of equations given above. Taken separately, the first and 
15 second equations are satisfiable. However, the system of equations, as a whole, is 
unsatisfiable. 

Referring now to Figure 4, there is illustrated the steps of the proposed 
abstraction technique in accordance with the present invention. As a first step, the 
RTL representation of design, 410, and property is translated into a system E, 4 1 2, of 
20 equations of bitvector terms over BV ex t, such that: 

E is satisfiable <=> Property does not hold for the Design (5) 



A possible solution of if existent, would be a counterexample which would 
give value assignments to all circuit signals, such that the property does not hold for 
25 these assignments. 

The data dependencies within the bitvector equations of E are analysed, 414, 

and a second system E' ,416, of bitvector equations is computed, in which the type 
(i.e. the width) of each bitvector variable is reduced to a smallest number of bits that is 
possible with respect to the abstraction technique, such that: 

30 E ' is satisfiable <=> E is satisfiable (6) 
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From (5) and (6) it follows that: 

E ' is satisfiable <=> Property does not hold for the Design (7) 

5 E ' is translated back to an RTL netlist, 4 1 8, representing a scaled down 

version of the original design. According to (7), the property checking task can be 
completely carried out on the reduced model. 

Given a system E of bitvector equations over BV ext , structural and functional 
dependencies are imposed on the bitvector variables by the high-level operators 
10 occurring in the equations. Dependencies may be found between complete variables 
or only between certain parts. For each variable, the present invention analyses such 
dependencies and determines the contiguous parts in which all bits are treated 
uniformly with respect to data dependencies. 

Further definitions are now provided for 'Chunk' and 'Granularity': A chunk 
15 *[-„]</,/>, o < / <j < w, of a bitvector variable jc [n] is a syntactical representation for a 
contiguous part ofx lnh i.e. x [n] </*,/> := x [n] [/,/]. 

Chunks are used to describe the above-mentioned contiguous parts of bitvector 
variables. 

A granularity of a bitvector variable jc [n ] is any ordered decomposition of X[„j 
20 into chunks{Ar (n] </ 2 ,ii> 3 *fn] ^qJ^} 0 = ii<ji = / = i 2 </2 +1 = ... = iq <jq + 1 = such 
that 

is a tautology 

In a sixth example, jc^j is a bitvector variable. {jC[i6]<15 > 18>, jc ( i 6 ]<7,4>, 
25 jc[i6]<3,0>}is a granularity of JC(i 6 ], whereas {X[i6]<15,10> ) Ar(i 6 j<5,0>} and { 
x [ i6]<15,5> y x [ i6 ] <10 5 0>} is not. 

Granularities are used to describe how different data dependencies exist for 
different chunks of a bitvector variable. Non-uniform structural dependencies occur 
whenever a variable (or a term) is not treated as a whole, but separated into parts upon 
30 which different operations are performed, e.g. by extractions or concatenations. 
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The relation between granularities and structural dependencies is shown in a 
further example: consider the following bitvector equation: 

*18] = y[4] ® Z[4] 

The concatenation on the right hand side of the equation imposes different 
5 dependencies on the upper and lower part of x m , the first depending on j> (4 ], the latter 
on Z[4). This is described by the granularity { x m (7A\ ( 3 >0)}. 

For each bitvector variable X[ n ], the method in accordance with one aspect of 
the invention computes the coarsest possible granularity which describes the splitting 
of data dependencies for jc [n ], as imposed by the equations of E. Slicing is performed 

10 only if necessary. For example, the equation x\\e\ = J[i6] [15,12] ® J>[i6][l 1,0] is 
equivalent to JC[i6] = y[\s) and does not require slicing ofX[i 6 ). Hence, initially a 
normalization of all bitvector terms is performed. The computation of the coarsest 
granularities is carried out using an equivalence class structure which groups chunks 
between which functional dependencies are detected. 

1 5 Granularity analysis and functional dependencies are shown in another 

example. The equation given in the fourth example imposes functional dependencies 
between jc [8] [7,4] and j> (4 ][3,0] and between x m [3,0] and Z[ 4 ][3,0]. The resulting 
equivalence classes are {jc 18] <7,4> J>[4]<3,0>} and {x [8] <3,0> z [4] <3,0>}. As a second 
example consider JC|i 6 j =J>[i6] or Z[iey Here, x { u], y\\6} and z\\e} are related to each other 

20 by a bitwise Boolean operator, requiring that all three go into the same equivalence 
class {x ll6 ]<15,0> J[i6]<15,0> z [16] <15,0>}. 

The equivalence class computation works incrementally and can efficiently be 
performed by employing a union-find algorithm, which, besides the known umion() 
and find() operations, defines a new procedure slice(). Initially, in each bitvector 

25 group of classes, 510, variable jc [n ] resides in its own singleton equivalence class: 
{x [n ]<n - 1,0>}. Find (JC[ n]> /) yields the (non ambiguous) equivalence class, which 
includes a chunk of jc [n ]which contains bit position /, union() performs the usual set 
union of two classes, and slice(jt( n] j,/) calls fmd(x [n ],/) and find(x [n]l /) and splits all 
chunks of the respective classes at the bit positions corresponding to / and j and groups 

30 the originating parts in two new equivalence classes, as illustrated in Figure 5, with a 
second group of classes, 512. 



14 
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Figure 6 exemplifies a granularity analysis in terms of bitvectors, dependency 
classes of bitvectors chunks and granularities. Each bitvector equation e is processed 
sequentially by the analyser and the next state of the equivalence class structure is 
computed by means of the procedure gran(e), which is outlined in process 1 as shown 
5 in Figure 6a. Once all bitvector equations have been processed, for each bitvector 
variable the coarsest possible granularity is given by the state of the equivalence 
classes. 

The granularity analysis decomposes the initial satisfiability problem for £ into 
a number of independent satisfiability problems, characterized by the computed 
10 equivalence classes. The solutions of these problems can be characterized by bitwise 
bitvector functions, as will be defined as follows: 

Let n G N^: and k G N + , a k-aiy bitvector function on bitvectors of width n is a 
function. 

1 5 F [n] : ff [n ] x x B [? 3 — B [n] 

k 

Bitvector functions Gji) : B x ... x B — ► B on bitvectors of width 1 are called 
Boolean functions. 

20 Let n E N+, k € N+, and F[ n ] be a k-ary bitvector function on bitvectors of width n. 
F[ n] is a bitwise bitvector function if there exists a k-ary Boolean function G[ij such 
that: 



F[n) = (G[i],G m ,...G m ) i.e. V /€ {0,...,n-l} : / r In )(r , w ,...^ k [n] )[i] = 
25 G[i](x l w ['l-A]W) 



F[ n ] operates uniformly on all bit positions of its arguments according to Gpj . If two 
k-ary bitwise Boolean functions F l [ n ] and F 2 [ m ], one taking bitvectors of width n as 
arguments and the other bitvectors of width m, operate according to the same Boolean 

30 function G\\\ , then this correspondence is denoted by F\ n ] ^ ^ 2 [mj. 
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in a ninth example x^] , j [8 ] , Z[8] are bit-vector variables of width 8 and let* '[4] , y'w 
, z\a\ , be bit-vector variables of width 4. Let 

F l m (*i8i > ym > ) := x m 311(1 ( ne g ( J «■ *m); 

5 

^ [4] (*'[4) > -K'w , 2 r ( 4]):= *'[4] and (neg (j' (4 ^ * r ^ d 

F l [g] and F 2 ^] are bit- wise bit-vector functions with F\s] ~ ^[4]- Furthermore, 
consider: 

10 

gF*[S] (x m ,y m , z { s] ):= (x m [7,4] and ^[7,4]) 8 Z [8 j[3,0]; 
i^ [8 ) is a bitvector function, but not bit-wise. 

Let C be one of the equivalence classes computed by the granularity analysis. The set 
15 of all satisfying solutions of E, projected to the chunks contained in C, can be 
characterized by a first theorem with respect to satisfiability: 

IfC= {jC 7 [nl] </i,/i> ...,^[n] </*,'*> }, 

with j\ - /"i = ...=jk- ik = n, then there exists a k-ary bit- wise bit-vector function: 
20 F[ n ] (x 1 [n] </i, i\ >, . . - , Jc k [ n ] < y*, i* >) such that the set of satisfying solutions of the 
equation 

*M (*' M <fu h > x 2 [n) <h, h>-.., An] <A ik >) = 000^ 

n 

25 describes the set of solutions of E, projected to jc 1 ^] <j\ 9 i\ >,. . ., x^nj < M '* > - 

Referring now to Figure 7, there is shown an equivalence class Q containing chunks of 
width rij. For each such class C it a cp(CV < n. is computed, <p(C i ) depending on the 

number of chunks residing in C . and on the number of possible inequalities between 

30 these chunks, as determined by the guards of if-then-else expressions in the bitvector 
equations. 
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The satisfiability problem B [nih which is related to C, according to method 1, is 
satisfiable if and only if the modified satisfiability problem B [<p( a)], in which each 
chunk of C, is replaced by a corresponding chunk of width <p(Ci) y i.e. we have B [yti] 
5 ~B[<p(C0], is satisfiable. 

We will now consider the reduction of bitvector widths with a second method: Let V w 

= { x\ n] , x? [nh be a finite set of k bitvector variables of width n € N+. Let 

F [n }(x ] [nh * 2 [n]>--- Aj) be a k-ary bitwise bitvector function on V (n)> and let I ^ V [n ] x 
V In] be a set of pairs of elements of V [n] , such that Pi,..., P q are the connected 
10 components of the corresponding undirected graph (V[ n ], I). Let 

<p(V In ,,E) := |V W | " |{Pi,-.,Pq} I =k-q 
and let m := max { (p^V^E), 1 }. Then the following equivalence holds: 

There exists a valuation v of x\ n]f ... ,x* [n] There exists a valuation v of x 9 

[mj> X [raj 

such that F [n] (v(x\ n] \ ...,v(^ (n ^ = 0 [n] <=> of such that F [m) (v(x ,7 lml ),..., v(x ,k M )) = °[m] 

EINBETTEN 

and for all e 1 : V (*W * v(x/ fnJ ) and for all (x 1 [m] pi f fmJ ) e I : v(x%/) ^ v(a:%;) 

1 5 where F [m ](x\ m] x> 2 [ m]y ...X k [rn)) is the corresponding bitwise bitvector function with F 
(m) - ^[n] on bitvectors x' l [mh x' 2 [mh ... y x' k [T n) of width m. 



The information about possible inequalities is obtained during the Granularity Analysis 
and annotated within the equivalence classes. For each equivalence class C we define 
20 (p(C) := max{<p(f7„;, }, where V [n] is the set of chunks in C, and / is the set of 

possible inequalities annotated to C. The reduced system E f of bitvectors equations is 
constructed according to process 2. 

Example 10. Let x^ j[i 6 ), Z\\6) be bitvector variables and assume that E contains the 
25 following equation: 

x { s] = 0[i6] and£[i6])[15,8] (8) 
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Assume that granularity analysis and minimum width abstraction yield the following 
results: 

Q = { .. ,x (8] <7,0>j; { , 6] <15,8>z ll6] <15,8> ...}; <p(C() = 2 
C i+1 = {...J'[i6]<7 J 0>^ [161 <7,0> ...}; <p(C i+ 0= 3 



The granularity qfy^ for example, is given by : 
10 {;F[i6]<15,8>,j>ii 6] <7,0>}, i.e. ^[i6][15 5 8] ® j; [161 [7,0] 

According to the minimum chunk widths, the corresponding reduced variable is 
assembled as follows: 



15 



20 



{y'l5](4,3), y\ 5] <2,0>}, i.e. y* m =y l5 )[4,3] ® y\ 5] [2,0] 

Hence, the reduced equation of E', which corresponds to (8) of E is: 

x' m = 0" [51 andz' I5] )[4,3] (9) 
Indices of extraction expressions are modified according to the new chunk widths. 



Method 1 and method 2 yield that the original system E of bitvector equations is 
satisfiable if and only if the reduced system E\ where all chunks of each class C, are 
25 reduced to a width, (p(d), is satisfiable. 

Accordingly a third method is applied: The reduced system E' of bitvector equations 
which results from the proposed abstraction technique is satisfiable if and only if the 
original equational system E is satisfiable. For each solution of the reduced system a 
30 solution of the original system can be computed 



18 
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It is to be understood that <p(C) depends only on the sizes and number of the connected 
components of the corresponding undirected graph of C and / The computation of the 
number of connected graph components for each class can efficiently be done by using 
a union-find algorithm, and, moreover, can be embedded within the computation of the 
5 equivalence classes during the granularity analysis. 

Let Vf„j = {x l [nh ...^[n]} be a set of bitvector variables, B[ n j{x l [n]y ...^ [n] ) be a bitwise 
bitvector function and / ^ V fn ] x Vf n j. For m E N+, let Bf m j denote the corresponding 

bitwise bitvector function with Bf m j - B [n] on bitvector variables x 91 ^...^^ of 
10 width m t and let P(B [m j,I) denote the following satisfiability problem: 

There exists a valuation v of x 1 [ m ],...^ k [m] such that: 

P(B [m] J) <=> B [m] ,(y ( x \ m] ) 9 .. 9 v ( x\ m] )) = 0 £ra] and for all ( x\ n] , x\ n] ) E / : v(jc l [m] ) * v(^ m7 ) 

15 

According to Theorem 1, each satisfiability problem belonging to an equivalence class 
C can be described by a bitwise bitvector function B f „j and a set of inequalities /. The 
reduced chunk width m := (p(C) computed in Theorem 2 is independent of any further 
mathematical property of Bf n j y i.e. we purposely abstract from the concrete aspects of 
20 Bf„j except for bitwise operation, m is minimal with respect to this abstraction, which 
leads to a fourth theorem, relating to minimality:. 

Let V (n j = {x l [n] >... ^[njj.be a finite set of k bitvector variables of width n E N+. Let J 

^ V[n], and let m := max{ (p(V( n] , I),l }. Then there exists a k-ary bitwise bitvector 
25 function ^(jc 1 ^],...^^) such that 

P(B fmJ J) « P(B rnj9 I) and not (P(B fm _ l]t I) <^> P(B [nh I)) 

i.e. m is the minimum width for which P(B [mh f) is satisfiable if and only if P(B [n ],I) is 
30 satisfiable. 
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A prototype system was implemented in C++ and tested in several case studies at the 
Design Automation department of Siemens Corporation in Munich and at the 
Computer Network Peripherals department of Infineon Technologies in San Jose, CA. 
All test cases were run on an Intel Pentium II PC with a 450 MHz CPU, 128 MB main 
memory and a Linux operating system. Referring to Figure 8, which shows a block 
diagram of an ATM switching element 800, a case study of an address management 
unit of an ATM switching element will now be discussed. Results are tabulated in 
Figure 9. The design comprised of approximately 3000 lines of Verilog code, the 
netlist synthesis comprised of approximately 24.000 gates and 35.000 RAM cells. 
Signals input to cell inputs 802, which are multiplexed by multiplexer, 804, to a central 
RAM, 814, or via a target decoder 806 to an RTL unit 808, which provides signals to 
the central RAM. The RTL unit incorporates 16 FIFO queue buffers, 810, and complex 
control logic, 812. Memory addresses are fed to 33 input channels to the multiplexer 
unit, 804, stored in FIFO's and, upon request, output from one of 17 output channels, 
816, while the cell sequence is preserved and no addresses are allowed to be dropped 
from the management unit. 

The prototype was used as preprocessor to a collection of known property 
checking tools. Three different properties, nop, read and write were required to be 
verified, which specified the intended behaviour within a range of 4 timesteps (nop, 
write), respectively 6 timesteps (read). It transpired that the write property did not 
hold due to a design bug in the Verilog code. A counterexample for the reduced model 
was found by the property checkers and recomputed by the prototype into a 
counterexample for the original design, whereupon the bug was fixed by the designers 
and the property was again checked on the corrected design (write fail, write hold). 
All runtimes on the reduced models were compared to those achieved on the original 
design without preprocessing. The results are given in CPU seconds (respectively 
minutes) and are shown in Figure 9. 

The present invention provides a significant reduction in the different sizes of 
the design models and a tremendous drop in the runtimes of the property checkers. 
Design sizes could be reduced to approximately 30% of the original sizes, and 
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runtimes dropped from between half and three quarters of an hour to minutes or even 
seconds. Note, in particular, that the computation times the prototype took to analyse 
the designs and generate the reduced models, ranging between 3 and 7 seconds, are 
negligible compared to the runtimes of the property checkers. 

Figures 10-18 show flow charts for granularity analysis, minimal width 
abstraction, model generation, together with three corresponding examples. 

Reduced runtimes and a reduced requirement for memory needed in 
computations is one requirement to match today's sizes of designs in hardware 
verification. The present invention provides an abstraction technique which, given a 
high-level circuit and a property specification, scales down the design by reducing the 
widths of input, output and internal signals. The method provides a one-to-one 
abstraction, which yields minimal models with respect to the minimality statement we 
have given. If a property fails, counterexamples for the original design can be 
computed from counterexamples for the reduced model. Pre- and post-processing of 
design and counterexample and the property checking process itself are strictly 
separated. The proposed method is independent of the system realization of the 
property checker and can be combined with a variety of existing verification 
techniques which take RTL netlists as input, no matter if the underlying prover engines 
operate on bit-level (like SAT or BDD-based approaches), or use high-level techniques 
(e.g. Integer Linear Programming, Arithmetic Constraint Solving). The approach is 
particularly well suited to SAT and BDD-based hardware verification, since the 
complexity of those techniques depends on the number of variables such provers have 
to deal with. 

In known SAT and BDD-based circuit verification such variables are created 
(at least) for each single bit of each signal of the circuit. In Bounded Property 
Checking even multiple instances of each variable and each signal have to be created 
for each step of the considered interval of time. In practice, design sizes range from 
several thousands up to 2 - 5 million gates and typical bounded properties incorporate 
2-30 timesteps depending on the field of application. 
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Appendix 

Algorithm 2 Reduced Model Generation 

1 for each bitvector variable x [n] { 
5 2 m:=0; 

3 for each chunk Xf„j(j\ i) of the computed granulartiy of x [n] { 

4 C := find (Xf n j(J t i)): II equivalence class containing x fn j(f f I) 

5 m := w + ^(C); 

6 } 

10 7 if then m := /?; 

8 replace all occurrences of Xf„j of bitvector equations by jc '[ m j 

9 and adjust all extraction expressions affected by X[ n] \ 

10 } 
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Claims 



1 . A digital circuit design verification method characterised in that for each 
5 property of a non reduced RTL model a reduced RTL model is determined for a design 
specification, which reduced RTL model retains the signal property of the non-reduced 
RTL model and which reduced RTL model is subjected to a property checking 
process. 

10 2. A digital circuit design verification method in accordance with claim 1, 
wherein prior to the determination of a reduced width RTL model, the design 
specification and properties of a digital circuit design are determined; and, 

an RTL netlist of high level primitives is synthesised whereby the 
circuit is defined as an interconnection of control and data path portions, wherein 

1 5 signals of a width n are determined such that n E N+; 

and bitvectors of respective length determine the signal value. 

3. A digital circuit design verification method in accordance with claim 1 or 2 
wherein in the property checking process, an internal bit-level representation contains 
20 a bit-level variable for each bit of each word signal, which representation is 

sequentially passed to a verification engine and then to a property test unit which 
operates to provide a positive result if the circuit property holds true and which 
operates to provide a counterexample in the case that the property does not hold. 

25 4. A digital circuit design verification method in accordance with claim 3 

wherein, in the event that a counterexample is produced for the reduced RTL design, 
signal width enhancement is performed to create a counterexample for the original 
RTL 

30 5. A digital circuit design verification method in accordance with claim 1, 

wherein the RTL model includes word-level signals comprising bit-vectors and, for 
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each bit-vector variable, the method of reducing the RTL model is separated into two 
sequential steps; 

the first step comprising the computation of the coarsest granularity of each 
word-level signal whereby to separate each signal into several contiguous chunks 
which indicate the basic groups of bits with respect to structural data dependencies, 

the second step comprising the computation of the minimum width with respect 
to dynamic data dependencies. 

6. A digital circuit design verification method in accordance with claim 5, 
wherein, for each bit-vector variable, the computation of coarse granularities is 

performed by means of an equivalence class structure, 

whereby an initial satisfiability problem can be considered as a number of 
independent satisfiability problems. 

7. A digital circuit design verification method in accordance with claim 6, 
wherein the solution of the independent satisfiability problems can be determined by 
bit wise bit-vector functions. 

8. A digital circuit design verification tool characterised in that a pre-property 
checking unit is operable to reduce the widths of the signals occurring in an RTL 
model of an input design specification, which reduced width RTL model retains the 
signal properties of a non reduced width RTL model. 

9. A digital circuit design verification tool according to claim 5 wherein the tool 
further comprises a front end unit operable to receive input data relating to a design 
specification and property characteristics of a design to be verified and is operable to 
provide an RTL netlist of the said design and property whereby the circuit can be 
defined as an interconnection of control and data path portions, wherein signals of a 
width n are determined such that: 

n G N + ; and 

bitvectors of respective length determine the signal value. 
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10. A digital circuit design verification tool in accordance with claim 8 or 9 
wherein the property checking unit is operable to receive a reduced RTL representation 
and to create an internal bit-level representation containing one bit wfor each bit of 
each word signal, which representation is sequentially passed to a verification engine 
5 and to a property test unit, the property test unit being operable to provide a positive 
result if the circuit property holds true and which operates to provide a counterexample 
in the case that the property does not hold. 
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11. A digital circuit design verification tool in accordance with claim 10 wherein in 
10 a signal width enhancement unit is operable to receive a counterexample for reduced 
RTL data and to expand the signal width to provide a counterexample for the original 
RTL. 



12. A digital circuit design verification tool in accordance with claim 8, wherein 
15 the RTL model includes word-level signals comprising bit -vectors and, for each bit- 
vector variable, the tool is operable to reduce the RTL model width of a signal in two 
sequential steps, 

wherein, a first step, a coarse granularisation of each word-level signal is 
determined whereby to separate each signal into several contiguous chunks which 
20 indicate the basic groups of bits with respect to structural data dependencies; and, 

in a second step, a minimum width with respect to dynamic data dependencies 
is determined. 



13. A digital circuit design verification tool in accordance with claim 12 wherein 
25 the tool is operable to arrange coarse granularities in terms of an equivalence class 
structure. 

whereby an initial satisfiability problem can be considered as a number of 
independent satisfiability problems. 
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ABSTRACT 

A METHOD OF CIRCUIT VERIFICATION IN DIGITAL DESIGN 

The present invention relates to a method of circuit verification in digital 
design and in particular relates to a method of register transfer level property checking 
to enable the same. Today's electrical circuit designs frequently contain up to several 
million transistors and circuit designs need to be checked to ensure that circuits operate 
correctly. Formal methods for verification are becoming increasingly attractive since 
they confirm design behaviour without exhaustively simulating a design. The present 
invention provides a digital circuit design verification method wherein, prior to a 
property checking process for each property of a non-reduced RTL model, a reduced 
RTL model is determined, which reduced RTL model retains specific signal properties 
of a non-reduced RTL model which are to be checked. A linear signal width reduction 
causes an exponential reduction of the induced state space. Reducing state space sizes 
in general goes hand in hand with reduced verification runtimes, and thus speeding up 
verification tasks. 
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I 

Initalize Granularities for all Variables 

I 

Initalize Equivalence Classes 



Process (next) Equation 



Canonize left and right Term 
to Compositional Normal Form 



I 



Compute coarsest possible Intersection 
with current Granularities 



Identify mutually related Chunks 



YES 




NO 



x [8] [7,2]<g>x [8] [1,0] = 

(a [4] <g>b [4] <g>c [4] )[11,4] 

x [8] [7,0] = a [4] [3,0](2)b [4] [3,0] 



x [8] [7,4]<2)x f81 [3,0] = 



[8]L 



(a [4] [3,0]<g>b r41 [3,0] 



x [8] [7.4)<— >a [4] [3,0] 
x [8] [3,0]<— >b [4] [3,0] 



Fig. 10 
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I 

Initalize Granularities for all Variables 

i 

Initalize Equivalence Classes 



Process (next) Equation 



I 



Canonize left and right Term 
to Compositional Normal Form 



I 



Compute coarsest possible Intersection 
with current Granularities 



Identify mutually related Chunks 



X [8] ~ ite ( a [4] ~ b [4]> y[8]' Z [8]) 



x [8] ~ ' te ( a [4J ~ b [4]> y[8]' 



x [8] [7,0] = ite(a [4] [3,0] = 

b [4][ 3 .°]. y^pM* W 7 ' 0 ^ 

a [4] [3,0] <— > b [4) [3,0] 
x [8] [7,0] «— > y t8][7 ,0] 
x [4] [7,0] <— > zj 8] [7,0] 



YES 



Is there another 
Equation ? 



NO 



Fig. 1 1 



05-04-2001 
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I 

Initalize Granularities for all Variables 
Initalize Equivalence Classes 



Process (next) Equation 



a [16] and b [16]- C [16] ° r d [16] 



Canonize left and right Term 
to Compositional Normal Form 



I 



Compute coarsest possible Intersection 
with current Granularities 



I 



Identify mutually related Chunks 



a [16] and b [16] 



C [16] ° r d [16] 



a [16] [15,0] and b [16] [15,0] = 

c [16] [15,0], ord [16] [15,0]) 

a [16] [15,0]<-^>b [16] [15,0] 
a [16] [15,0]<— > C[16) [15,0] 
a [16] [15,0]<— >d [16] [15,0] 



YES 



Is there another 
Equation ? 



NO 



Fig. 12 
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i 



Granularity-Analysis 



Process (next) Equation 



i 



Analyze Data-Dependencies 
according to the specific Types of Operators 
(e.g. If-Then-Else, Arithmetics, 
Boolean Operators...) 



YES 




NO 



Take System of Equivalence Classes 
with Dependency Information 



x [8] [7,4] <g>x [8] [3,0] = 

a [4] [3,0](8)b [4] [3,0] 



Dependencies 
not conditioned 
by operator 



Process (next) Equation 



C, Dependencies not 

conditioned by operator 



Compute Minimum Width depending on 
Size (Number of Chunks) and Dependencies 
(among Chunks of the Class) 



YES 




min = 1 



NO 



Fig. 13 
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Granularity-Analysis 


o 





o 



Process (next) Equation 



i 



x [8] " ite ( a [4]~ b [8]' Z [8p 



Analyze Data-Dependencies 
according to the specific Types of Operators 
(e.g. If-Then-Else t Arithmetics, 
Boolean Operators...) 



Possible inequality a^ b 



YES 




NO 



Take System of Equivalence Classes 
with Dependency Information 



V 



Process (next) Equation 



Compute Minimum Width depending on 
Size (Number of Chunks) and Dependencies 
(among Chunks of the Class) 



C, Dependencies conditional 
upon inequality 



min = C - Dependency 
component 




'"a. 14 



o 



o 
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1 



Granularity-Analysis 



Process (next) Equation 



Analyze Data-Dependencies 
according to the specific Types of Operators 
(e.g. If-Then-Else, Arithmetics, 
Boolean Operators...) 




Take System of Equivalence Classes 
with Dependency Information 



Process (next) Equation 



Compute Minimum Width depending on , 
Size (Number of Chunks) and Dependencies 
(among Chunks of the Class) 




NO 



a [16] and b [16] =C [16] 0f d [16] 



Boolean-conditioned 
dependency 
B(a [16J , b [16] , c [16 j, d [16J ) 



C, Boolean-conditioned 
dependency 



min = max(min(B)) 
B 

B Boolean component 
dependency of C 



Fig. 15 
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A 



Granularity-Analysis 



i 



Minimum-Width-Abstraction 



Go through all initial Equations 

i 



Process (next) Equation 

i 



Canorize Equation to Normal Form 
and go through all Variables occurring 
in the Equation 



3 



Process (next) Variable 



Compute the sum of all Minimum Width of all 
Chunks of the Vaiable 
according to the computed Granularity 
and Equivalence Classes 



Replace the original Width of the Variable 
by the computed Sum 
in all Occurrences within the Equation 



x [8] <7,4><3,0> 

a [4] <3,0> 

b [4] <3,0> 



x [8] [7.2]®x [8] [1,0] = 
(a [4] ®b [4] [3,0]<g>c l4] )[11,4] 

x t8] [7,4]<8>x [8] [3,0] = 

(a [4] [3,0] ®b [4] [3,0] 



'[8] 



l [4] 



'[4] 



5-2 5-1 



5-1 




x [2} [1,1]<g>x [2] [0,0] = 



a m [0,0] 01^0,0] 




Fig. 16 
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Granularity-Analysis 



Minimum-Width-Abstraction 



i 



Go through all initial Equations 



5 



Process (next) Equation 



Canorize Equation to Normal Form 
and go through all Variables occurring 
in the Equation 



3 



Process (next) Variable 



Compute the sum of all Minimum Width of all 
Chunks of the Vaiable 
according to the computed Granularity 
and Equivalence Classes 



Replace the original Width of the Variable 
by the computed Sum 
in all Occurrences within the Equation 



x t8] <7,6><5,0> 

y [8] <7,6><5,0> 

x [8] <7,4><3,0> 

a [4] <3,0> 

b [4] <3,0> 



x [8] ~ ite ( a [4] = b [4]' y [8]' Z [8p 



X [8] y[4J Z [8] a [4] b 



[4] 



5-3 5=3 5=3 
5=1 5=1 




X [3] ~ ite ( a [1] ~ b [1]> y[3]' ^3] 




7 
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Granularity-Analysis 



Minimum-Width-Abstraction 



a [16 j<15,8> (7,2X1,0) 
b [16] <15,8> <7,2><1,0> 
c [16] (15,8) (7,2X1,0) 
d [16] (15,8) (7,2)<1,0) 



Go through all initial Equations 



5 



Process (next) Equation 



a [16] andb [16] =C [16] 0rd [16] 



Canorize Equation to Normal Form 
and go through all Variables occurring 
in the Equation 



Process (next) Variable 



i 



Compute the sum of all Minimum Width of all 
Chunks of the Vaiable 
according to the computed Granularity 
and Equivalence Classes 



a [16] b [16] c [16] d [16] 



5-4 5=4 5=3 5 = 4 



Replace the original Width of the Variable 
by the computed Sum 
in all Occurrences within the Equation 



a [4] and b [4] = C [4] 0rd [4] 




Fig. 18 



THIS PAGE BLANK (uspto) 



